Toward a social compact for digital privacy and security

Executive summary The Global Commission on Internet Governance (GCIG) was established in January 2014 to articulate and advance a strategic vision for the future of Internet governance. In recent deliberations, the Commission discussed the potential for a damaging erosion of trust in the absence of a broad social agreement on norms for digital privacy and security. The Commission considers that, for the Internet to remain a global engine of social and economic progress that reflects the world’s cultural diversity, confidence must be restored in the Internet because trust is eroding. The Internet should be open, freely available to all, secure and safe. The Commission thus agrees that all stakeholders must collaborate together to adopt norms for responsible behaviour on the Internet. On the occasion of the April 2015 Global Conference on Cyberspace meeting in The Hague, the Commission calls on the global community to build a new social compact between citizens and their elected representatives, the judiciary, law enforcement and intelligence agencies, business, civil society and the Internet technical community, with the goal of restoring trust and enhancing confidence in the Internet. It is now essential that governments, collaborating with all other stakeholders, take steps to build confidence that the right to privacy of all people is respected on the Internet. It is essential at the same time to ensure the rule of law is upheld. The two goals are not exclusive; indeed, they are mutually reinforcing. Individuals and businesses must be protected both from the misuse of the Internet by terrorists, cyber criminal groups and the overreach of governments and businesses that collect and use private data. A social compact must be built on a shared commitment by all stakeholders in developed and less developed countries to take concrete action in their own jurisdictions to build trust and confidence in the Internet. A commitment to the concept of collaborative security and to privacy must replace lengthy and over-politicized negotiations and conferences

Computational Soundness for Dalvik Bytecode

Automatically analyzing information flow within Android applications that rely on cryptographic operations with their computational security guarantees imposes formidable challenges that existing approaches for understanding an app's behavior struggle to meet. These approaches do not distinguish cryptographic and non-cryptographic operations, and hence do not account for cryptographic protections: f(m) is considered sensitive for a sensitive message m irrespective of potential secrecy properties offered by a cryptographic operation f. These approaches consequently provide a safe approximation of the app's behavior, but they mistakenly classify a large fraction of apps as potentially insecure and consequently yield overly pessimistic results. In this paper, we show how cryptographic operations can be faithfully included into existing approaches for automated app analysis. To this end, we first show how cryptographic operations can be expressed as symbolic abstractions within the comprehensive Dalvik bytecode language. These abstractions are accessible to automated analysis, and they can be conveniently added to existing app analysis tools using minor changes in their semantics. Second, we show that our abstractions are faithful by providing the first computational soundness result for Dalvik bytecode, i.e., the absence of attacks against our symbolically abstracted program entails the absence of any attacks against a suitable cryptographic program realization. We cast our computational soundness result in the CoSP framework, which makes the result modular and composable.Comment: Technical report for the ACM CCS 2016 conference pape

Internet Surveys by Direct Mailing: An Innovative Way of Collecting Data

This article describes a new method of collecting data by direct mailing via the Internet. Feasibility and capacities were evaluated through a worldwide opinion poll on global future risks of mankind and potential solutions. Within 1 day, a structured questionnaire was sent to 8,859 randomly selected e-mail addresses. One thousand seven hundred and thirteen were remailed properly completed, 90 within 4 days. Most respondents were residents of North America (64) and Europe (21 ), male (87), and 30 years old on average. Environmental destruction (52) was mentioned as the primary problem, followed by violence (45) and unemployment (45). Education (71 ) was the most frequently proposed solution to future problems. It is obvious that Internet surveys at this time are not repre sentative of the total population. However, they open new dimensions in the interrogation of experts and opinion leaders, especially considering their efficiency and potential for automation

Patient access to complex chronic disease records on the internet

Background: Access to medical records on the Internet has been reported to be acceptable and popular with patients, although most published evaluations have been of primary care or office-based practice. We tested the feasibility and acceptability of making unscreened results and data from a complex chronic disease pathway (renal medicine) available to patients over the Internet in a project involving more than half of renal units in the UK. Methods: Content and presentation of the Renal PatientView (RPV) system was developed with patient groups. It was designed to receive information from multiple local information systems and to require minimal extra work in units. After piloting in 4 centres in 2005 it was made available more widely. Opinions were sought from both patients who enrolled and from those who did not in a paper survey, and from staff in an electronic survey. Anonymous data on enrolments and usage were extracted from the webserver. Results: By mid 2011 over 17,000 patients from 47 of the 75 renal units in the UK had registered. Users had a wide age range (<10 to >90 yrs) but were younger and had more years of education than non-users. They were enthusiastic about the concept, found it easy to use, and 80% felt it gave them a better understanding of their disease. The most common reason for not enrolling was being unaware of the system. A minority of patients had security concerns, and these were reduced after enrolling. Staff responses were also strongly positive. They reported that it aided patient concordance and disease management, and increased the quality of consultations with a neutral effect on consultation length. Neither patient nor staff responses suggested that RPV led to an overall increase in patient anxiety or to an increased burden on renal units beyond the time required to enrol each patient. Conclusions: Patient Internet access to secondary care records concerning a complex chronic disease is feasible and popular, providing an increased sense of empowerment and understanding, with no serious identified negative consequences. Security concerns were present but rarely prevented participation. These are powerful reasons to make this type of access more widely available

Tracking Users across the Web via TLS Session Resumption

User tracking on the Internet can come in various forms, e.g., via cookies or by fingerprinting web browsers. A technique that got less attention so far is user tracking based on TLS and specifically based on the TLS session resumption mechanism. To the best of our knowledge, we are the first that investigate the applicability of TLS session resumption for user tracking. For that, we evaluated the configuration of 48 popular browsers and one million of the most popular websites. Moreover, we present a so-called prolongation attack, which allows extending the tracking period beyond the lifetime of the session resumption mechanism. To show that under the observed browser configurations tracking via TLS session resumptions is feasible, we also looked into DNS data to understand the longest consecutive tracking period for a user by a particular website. Our results indicate that with the standard setting of the session resumption lifetime in many current browsers, the average user can be tracked for up to eight days. With a session resumption lifetime of seven days, as recommended upper limit in the draft for TLS version 1.3, 65% of all users in our dataset can be tracked permanently.Comment: 11 page

Engagement in agriculture protects against food insecurity and malnutrition in peri-urban Nepal

BACKGROUND: Urbanization is occurring rapidly in many low- and middle-income countries, which may affect households’ livelihoods, diet, and food security and nutritional outcomes. OBJECTIVE: The main objective of our study was to explore whether agricultural activity amongst a peri-urban population in Nepal was associated with better or worse food household security, household and maternal dietary diversity, and nutritional outcomes for children and women. METHODS: A cross-sectional survey administered to 344 mother-child pairs in Bhaktapur district, Nepal, including data on household agricultural practices, livestock ownership, food security, dietary diversity and expenditures, anthropometric measurements of children (aged 5–6 years old), maternal body mass index (BMI), and maternal anemia. Multivariable adjusted and unadjusted odds ratios (AOR and OR respectively) were calculated using logistic regression. RESULTS: Our findings suggest that in this sample, cultivation of land was associated with a lower odds of child stunting (AOR 0.55, 95% CI 0.33,0.93) and household food insecurity (AOR 0.33, 95% CI 0.18, 0.63), but not low (or high) maternal BMI or anemia. Livestock ownership (mostly chickens) was associated with lower of food insecurity (AOR 0.34, 95% CI 0.16, 0.73) but not with nutrition outcomes. Women in farming households were significantly more likely to eat green leafy vegetables than women in non-farming households, and children living in households that grew vegetables had a lower odds of stunting than children in households that cultivated land but did not grow vegetables (AOR 0.49, 95% CI 0.25, 0.98). CONCLUSIONS: Our study suggests that households involved in cultivation of land in peri-urban Bhaktapur had lower odds of children's stunting and of food insecurity than non-cultivating households – and that vegetable consumption is higher among those households. Given Nepal's rapid urbanization rate, more attention is needed to the potential role of peri-urban agriculture in shaping diets and nutrition.Funding was provided by the USAID Feed the Future Security Innovation Lab for Nutrition - Asia [award number AIDOAA-l-10-00005] through a sub-contract to the Harvard T.H. Chan School of Public Health and the Johns Hopkins Bloomberg School of Public Health from the Friedman School of Nutrition Science and Policy, Tufts University; and by the GC Rieber Foundation.https://academic.oup.com/cdn/advance-article/doi/10.1093/cdn/nzy078/5154906Accepted manuscrip

Exploring the behavioral intention to use e-government services : validating the unified theory of acceptance and use of technology

This study explores the online users’ behavioral intention to utilize the governments’ websites and their electronic services. The research methodology validates the measuring items from the unified theory of acceptance and use of technology (UTAUT) to better understand the participants’ attitudes toward their performance expectancy, effort expectancy, social norms, facilitating condition and behavioral intention to use the electronic government (e-gov) services. The findings from the structural equations modeling approach reported a satisfactory fit for this study’s research model. The results suggest that there were highly significant, direct effects from the UTAUT constructs, where the utilitarian motives predicted the online users’ behavioral intentions to use e-gov. Moreover, there were significant moderating influences from the demographic variables, including age, gender and experiences that effected the individuals’ usage of the governments’ online services. In conclusion, this contribution identifies its limitations and suggests possible research avenues to academia.peer-reviewe